
Anti-Theft Software Presents Security Breach

31 July 2009

A popular laptop theft-recovery service that is embedded in notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers.

The service, known as Computrace LoJack for Laptops from Vancouver-based Absolute Software Corp., is subscribed to as a way to recover lost or stolen computers. Most people are unaware that the software exists in their computer, but it is pre-installed in about 60 percent of all new laptops.

The service contains design vulnerabilities and a lack of effective authentication that can give way to “a complete and persistent compromise of an affected system,” according to a Black Hat conference presentation by researchers Alfredo Ortega and Anibal Sacco from Core Security Technologies.

The software is embedded so deeply into computers during the manufacturing process that no effort to uninstall the operating software would effectively delete it.

The software agent lives in the BIOS (the programs used to boot the computer) and periodically calls home to a central authority for instructions should a laptop be stolen. The call-home mechanism allows the central authority to instruct the BIOS agent to purge all information as a security measure, or to trace the location of the system.

Once a computer embedded with the Computrace technology has been compromised, a thief could completely take over a machine.

The criminal accomplishes this by modifying the machine’s settings to keep a connection to the machine even if the software has been uninstalled and then reinstalled. Such a reinstall may seem like an extreme measure to take, but sometimes it is the only way to be sure a computer has been wiped clean of viruses.

“You have something that’s pre-installed, and considered non-malicious, that you can manipulate and turn into a malicious program – that’s pretty unique,” said Ivan Arce, Core Security’s chief technology officer.

According to Arce, the issue can be rectified by Absolute with an update to the software that could then be pushed out to affected computers. He also said that users with a little technical savvy could themselves disable the software’s ability to be a problem.

“It’s not hard to block once you know what to look for,” Arce said.

Craig Clark, a spokesman from Absolute, said Absolute’s technical team “needs to understand the concerns Core has raised before they can speak to it accurately.”

A senior antivirus researcher with Kaspersky Lab, Roel Schouwenberg, says that the security holes found by Core Security could present a “pretty big challenge for the security community” if they were exploited. He also said that the access obtained by a hacker is somewhat undermined by the fact that harmful programs they attempt to download still must enter the computer the same way they always do, and can be protected against.

He said that all downloaded files “will not be stealth, they will not be hiding, they will be visible on the system…anti-malware (software) will be able to scan them. It could have been a whole lot worse.”
